PHP CAPTCHA Integration

Verify TrustCaptcha CAPTCHA results server-side in PHP to protect forms, logins, and checkouts from bots and spam. Our ready-made PHP package adds risk scoring and security rules. EU-hosted, GDPR-ready, and puzzle-free for a smooth UX.

Quickstart

How the integration works

1. Create a CAPTCHA

Create a user account or log in with an existing one. Then create a new CAPTCHA or select an existing one. If you’re unsure whether TrustCaptcha is right for you, try our CAPTCHA service risk-free for 14 days at no cost.

On the CAPTCHA overview page, you will find all the important information, such as the site key, secret key and licence key. Allow your websites to access your CAPTCHA by adding them to the list of authorised domains in the CAPTCHA security rules.

2. Integrate the CAPTCHA widget into your frontend

Integrate the CAPTCHA widget into your website or app. For precise, detailed instructions, please read the CAPTCHA widget guide in our documentation.

The CAPTCHA widget will then be displayed on your website or app.

Pre-built frontend integrations
You can use one of our pre-built frontend integrations to integrate the CAPTCHA widget into your website or application. If there is no pre-built integration from us for your preferred frontend technology, your software developers can integrate the CAPTCHA themselves using our documentation or ask our support team for a pre-built integration solution.

Android
Angular
Craft CMS
Flutter
iOS
JavaScript
Joomla
Keycloak
Magento 2
React
React Native
TYPO3
Vue
Webflow
WordPress

3. Validate the CAPTCHA result in your backend

The following steps give you an idea of how to retrieve the CAPTCHA verification result from our server in a PHP backend and determine how to proceed based on this result. For precise, detailed instructions, please read the CAPTCHA integration guide for PHP in our documentation.

First, install our TrustCaptcha PHP dependency:

Install
bash
composer require trustcomponent/trustcaptcha-php

Retrieve the verification result from our server using the verification token and the secret key of your CAPTCHA:

Fetch Result
PHP
// Retrieving the verification result
$verificationResult = null;
try {
  $verificationResult = CaptchaManager::getVerificationResult("<your_secret_key>", $verificationToken);
} catch (Exception $e) {
  // Fetch verification result failed - handle error
}

Based on the verification results and your individual needs, decide how you would like to proceed:

Handle Result
PHP
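// Act on the verification result.
// A null result means the fetch above failed: treat it as a failed verification.
if ($verificationResult === null || !$verificationResult->verificationPassed || $verificationResult->score > 0.5) {
  echo "Verification failed or bot score > 0.5 – possible automated request.";
}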
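
The fetch and decision steps above combined into one fail-closed function, as an added example (not TrustCaptcha's own code). The `decideCaptcha` name, the `accept`/`review`/`block` outcomes, the `$fetch` callable and the stub results are assumptions made here so the logic runs offline; the field name, the `verificationPassed` and `score` properties and the 0.5 threshold come from this page.

```php
<?php
declare(strict_types=1);

// $fetch stands in for the page's CaptchaManager::getVerificationResult() call, e.g.
// fn($t) => CaptchaManager::getVerificationResult(getenv('TRUSTCAPTCHA_SECRET_KEY'), $t)
// (the environment variable name is hypothetical; keep the secret key out of source code).
function decideCaptcha(array $post, callable $fetch, float $threshold = 0.5): string
{
    // Default field name from the FAQ; reject a missing, empty or non-string token.
    $token = $post['tc-verification-token'] ?? null;
    if (!is_string($token) || $token === '') {
        return 'block';
    }
    try {
        $result = $fetch($token);
    } catch (Throwable $e) {
        // Fail closed: an unreachable verification service must not count as a pass.
        error_log('CAPTCHA verification lookup failed: ' . $e->getMessage());
        return 'block';
    }
    if (!is_object($result) || ($result->verificationPassed ?? false) !== true) {
        return 'block';
    }
    // Bot score: 0.0 = very likely human, 1.0 = very likely bot.
    $score = $result->score ?? null;
    if (!is_int($score) && !is_float($score)) {
        return 'block';
    }
    return $score > $threshold ? 'review' : 'accept';
}

// Constructed stand-ins for the verification service (no network access needed).
$human   = fn(string $t): object => (object)['verificationPassed' => true,  'score' => 0.1];
$suspect = fn(string $t): object => (object)['verificationPassed' => true,  'score' => 0.8];
$failed  = fn(string $t): object => (object)['verificationPassed' => false, 'score' => 0.2];
$outage  = function (string $t): object { throw new RuntimeException('timeout'); };

$form  = ['tc-verification-token' => 'constructed-token'];
$cases = ['human' => $human, 'suspect' => $suspect, 'failed' => $failed, 'outage' => $outage];
foreach ($cases as $name => $fetch) {
    printf("%-8s %s\n", $name, decideCaptcha($form, $fetch));
}
printf("%-8s %s\n", 'no-token', decideCaptcha([], $human));
```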

Need detailed information about the PHP CAPTCHA integration?
For detailed instructions on integrating TrustCaptcha, please refer to our PHP CAPTCHA integration guide. A complete integration example for the PHP CAPTCHA can be found in our CAPTCHA Samples Repository on GitHub.

Other backend technology instead of PHP?
If you do not want to use PHP on your server or have several different backends, you can select a different integration here. If there is no pre-built integration from us for your preferred backend technology, your software developers can integrate the CAPTCHA verification process themselves using our documentation or ask our support team for a pre-built integration.

.NET
Go
Groovy
Java
Kotlin
Node.js
PHP
Python
Ruby
Rust
Scala
Spring

4. Congratulations 🎉

You are now protected by TrustCaptcha - congratulations!

FAQs

What does the PHP integration do?
The PHP integration validates a TrustCaptcha verification token on your server. Your PHP backend fetches the verification result from TrustCaptcha and then decides whether to accept, further check, or block the request.
Do I still need to integrate the CAPTCHA widget in my frontend?
Yes. The verification token is created in your frontend (website or app) when the CAPTCHA is solved. The PHP part only verifies that token on the server.
How do I send the verification token to my PHP backend?
Send it in any way that fits your application, for example as a form field or in a JSON request. A common default name in classic forms is "tc-verification-token", but you can choose your own field name.
What do I need to validate a token in PHP?
You need the verification token from the frontend and your CAPTCHA secret key from the TrustCaptcha dashboard. With both, your server can request the verification result from TrustCaptcha.
How should I make a decision based on the verification result?
Always check "verificationPassed" first. If you also want more control, use the bot score (0.0 = very likely human, 1.0 = very likely bot) and start with a threshold like 0.5, then adjust it to your risk and use case.
How long is a verification token valid, and can it be used more than once?
By default, a token is single-use and should be verified within 15 minutes. Depending on your plan, you can extend the time window and allow a limited number of re-checks in the dashboard.

Losing leads to CAPTCHAs?

TrustCaptcha blocks spam and bots, not customers. No puzzles, GDPR-ready, EU-hosted.

Puzzle-free UX
Runs in the background while visitors type — so more people finish your forms and fewer drop off.
GDPR-ready
EU-hosted and privacy-first: no cookies, encrypted transmission, automatic cleanup — with ready-to-use legal resources.
Multi-layer Security
Adaptive protection plus intelligent risk scoring stops abuse early — even when attack traffic spikes.
Full Control
Fine-tune sensitivity, set allow/block lists, and use geoblocking — you decide how strict verification should be.

Protect your PHP application with TrustCaptcha in just a few steps!

  • EU-hosted & GDPR-ready
  • No puzzles
  • Try free for 14 days